
Remote MCP with custom headers returning 401 Unauthorized despite oauth: false #30428

@andresparilli

OpenCode version: 1.15.13
OS: Linux
MCP Server: Custom JSON-RPC server on VPS (Streamable HTTP)

Configuration

"mcp": {
  "Bot": {
    "type": "remote",
    "url": "http://<vps-ip>:8899/jsonrpc",
    "headers": {
      "X-Bot-Token": "<token>"
    },
    "oauth": false
  }
}

Expected behavior

With oauth: false explicitly set, OpenCode should send the static headers on every request to the remote MCP server.

Actual behavior

  1. opencode mcp list shows "✓ Bot connected"
  2. opencode mcp debug Bot returns "401 Unauthorized"
  3. Tools from this MCP are not available to agents
  4. Direct curl to the same endpoint with same headers WORKS:
    curl -X POST http://<vps-ip>:8899/jsonrpc \
      -H "Content-Type: application/json" \
      -H "X-Bot-Token: <token>" \
      -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"run_bot","arguments":{"message":"test"}},"id":1}'
    # Returns successful response from MCP server

Analysis

This appears similar to:

But the specific case of static custom headers with oauth: false returning 401 does not match exactly.

The server appears "connected" in mcp list but the actual tool calls fail with 401. This suggests OpenCode may be trying OAuth anyway despite oauth: false, or headers are being dropped during the tool call request phase.

Workaround

Using curl directly works:

curl -s -X POST http://<vps-ip>:8899/jsonrpc \
  -H "Content-Type: application/json" \
  -H "X-Bot-Token: <token>" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"run_bot","arguments":{"message":"\$1"}},"id":1}'
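
One way to tell the two hypotheses in the Analysis apart from the server side, as an added example that is not part of the original issue and not OpenCode code: classify each request the endpoint receives by whether `X-Bot-Token` arrived and whether the client is attempting OAuth. The names `classify`, `summarize`, `Probe` and `EXPECTED` are hypothetical, and the example assumes an OAuth attempt would show up as an `Authorization` header or a request under `/.well-known/oauth-`.

```python
import hmac
import json
from collections import defaultdict
from http.server import BaseHTTPRequestHandler, HTTPServer

EXPECTED = "constructed-test-token"  # placeholder for the real X-Bot-Token value

def classify(http_method, path, headers, body=b""):
    """Describe one request exactly as the server received it."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        rpc = json.loads(body or b"{}").get("method")
    except (ValueError, AttributeError):  # not JSON, or a JSON-RPC batch (list)
        rpc = None
    if path.startswith("/.well-known/oauth-") or "authorization" in h:
        verdict = "oauth-attempt"       # client is doing OAuth despite oauth: false
    elif "x-bot-token" not in h:
        verdict = "header-missing"      # static header dropped on this request
    elif not hmac.compare_digest(h["x-bot-token"].encode(), EXPECTED.encode()):
        verdict = "header-wrong-value"
    else:
        verdict = "ok"
    return {"http": http_method, "path": path, "rpc": rpc, "verdict": verdict}

def summarize(findings):
    """Group verdicts by JSON-RPC method (or by path for non-RPC requests)."""
    out = defaultdict(set)
    for f in findings:
        out[f["rpc"] or f["path"]].add(f["verdict"])
    return {k: sorted(v) for k, v in out.items()}

class Probe(BaseHTTPRequestHandler):
    """Stand-in endpoint: logs one JSON finding per request, then 200 or 401."""
    def _handle(self):
        n = int(self.headers.get("Content-Length") or 0)
        f = classify(self.command, self.path, dict(self.headers.items()),
                     self.rfile.read(n))
        print(json.dumps(f), flush=True)
        self.send_response(200 if f["verdict"] == "ok" else 401)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = do_DELETE = _handle

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8899), Probe).serve_forever()
```

`Probe` does not speak MCP, so it only shows the first requests a client sends; to see the later `tools/call` phase, call `classify` from the real server's request handler and feed the results to `summarize`.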
